CVE-2017-13676 - OpenCVE

Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Norton	Remove \& Reinstall

Configuration 1 [-]

cpe:2.3:a:norton:remove_\&_reinstall:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/100939	Third Party Advisory VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00	Mitigation VDB Entry Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: symantec

Published: 2017-09-26T00:00:00

Updated: 2017-09-28T09:57:01

Reserved: 2017-08-24T00:00:00

Link: CVE-2017-13676

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-09-28T01:29:01.373

Modified: 2017-10-06T19:04:52.737

Link: CVE-2017-13676

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "Norton Remove & Reinstall", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to 4.4.0.58"}]}], "datePublic": "2017-09-26T00:00:00", "descriptions": [{"lang": "en", "value": "Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability."}], "problemTypes": [{"descriptions": [{"description": "DLL Preloading", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00"}, {"name": "100939", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100939"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2017-09-26T00:00:00", "ID": "CVE-2017-13676", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Norton Remove & Reinstall", "version": {"version_data": [{"version_value": "Prior to 4.4.0.58"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DLL Preloading"}]}]}, "references": {"reference_data": [{"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00", "refsource": "CONFIRM", "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00"}, {"name": "100939", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100939"}]}}}}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2017-13676", "datePublished": "2017-09-26T00:00:00", "dateReserved": "2017-08-24T00:00:00", "dateUpdated": "2017-09-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:norton:remove_\\&_reinstall:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FECBAB0-646F-4DAE-BB3E-30AFDA299280", "versionEndIncluding": "-", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability."}, {"lang": "es", "value": "Norton Remove Reinstall puede ser susceptible a una vulnerabilidad de precarga de DLL. Este tipo de problema ocurre cuando una aplicaci\u00f3n trata de llamar a un DLL para ejecutarlo y un atacante proporciona en su lugar un DLL malicioso. Dependiendo de c\u00f3mo est\u00e9 configurada la aplicaci\u00f3n, \u00e9sta por lo general seguir\u00e1 una ruta de b\u00fasqueda espec\u00edfica para localizar el DLL. La vulnerabilidad puede ser explotada mediante una escritura simple de archivo (o, potencialmente, una sobrescritura), lo que resulta en un DLL externo que se ejecuta bajo el contexto de la aplicaci\u00f3n. Se ha lanzado una actualizaci\u00f3n de Norton Remove Reinstall, la versi\u00f3n 4.4.0.58, que soluciona esta vulnerabilidad."}], "id": "CVE-2017-13676", "lastModified": "2017-10-06T19:04:52.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-28T01:29:01.373", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100939"}, {"source": "secure@symantec.com", "tags": ["Mitigation", "VDB Entry", "Vendor Advisory"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170926_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}